Vulnerable Drivers Could Allow Execution of Malicious Actions in Windows Kernel

Eclypsium security researchers released details of a design flaw present in more than 40 kernel drivers from 20 hardware vendors. The flaw allows low-privilege applications to use legitimate driver functions to execute malicious actions in the Windows kernel and other highly sensitive portions of the Windows operating system. For example, malware running in user space could scan for a vulnerable driver and use it to gain full control of the system. These drivers are built in a way that permits arbitrary actions rather than restricting them to the specific tasks they were meant to perform. Eclypsium has notified the impacted hardware vendors, and patches have been issued. Microsoft is using its Hypervisor-enforced Code Integrity (HVCI) capability to blacklist the reported drivers. The NJCCIC recommends that users and administrators review the Eclypsium blog post for additional details and a list of impacted vendors, and apply patches to all impacted drivers.
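As an added example, not code from the NJCCIC or Eclypsium, the following PowerShell script checks whether HVCI is running on a host and inventories the running kernel drivers with their code signers, so an administrator can compare them against the vendor list in the Eclypsium post and confirm patched versions are loaded. It assumes the Win32_DeviceGuard WMI class (Windows 10 and later), in which the value 2 in SecurityServicesRunning denotes HVCI.

```powershell
# Added example (not from the advisory): report HVCI state and list running
# kernel drivers with their Authenticode signer for patch review.
# Assumption: Win32_DeviceGuard exposes SecurityServicesRunning, where 2 = HVCI.

function Get-HvciStatus {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop
    [pscustomobject]@{
        HvciConfigured = [bool]($dg.SecurityServicesConfigured -contains 2)
        HvciRunning    = [bool]($dg.SecurityServicesRunning -contains 2)
    }
}

function Get-RunningDriverSigners {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            # Normalise NT-style paths (\SystemRoot\..., \??\C:\...) to Win32 paths
            $path = $_.PathName -replace '^\\SystemRoot', $env:SystemRoot -replace '^\\\?\?\\', ''
            if (-not (Test-Path -LiteralPath $path)) { return }
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            [pscustomobject]@{
                Driver  = $_.Name
                Path    = $path
                Signer  = $signer
                Status  = $sig.Status
                Version = (Get-Item -LiteralPath $path).VersionInfo.FileVersion
            }
        }
}

$status = Get-HvciStatus
if (-not $status.HvciRunning) {
    Write-Warning 'HVCI is not running on this host; the HVCI driver blocklist is not being enforced here.'
}
# Sort by signer so vendor-signed drivers group together for review
Get-RunningDriverSigners | Sort-Object Signer, Driver | Format-Table -AutoSize
```

Drivers signed through Microsoft's WHQL or attestation programs carry a Microsoft signer rather than the vendor's name, so match on driver file name and version against the vendor's patch notes rather than on the signer alone.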
